CVE-2023-45857
ADVISORY - githubSummary
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
EPSS Score: 0.00094 (0.415)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Cross-Site Request Forgery (CSRF)
ADVISORY - github
Cross-Site Request Forgery (CSRF)
ADVISORY - gitlab
ADVISORY - redhat
Exposure of Sensitive Information to an Unauthorized Actor
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-45857
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-wf5p-g6vw-rhxx
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2023-45857
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-45857
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.5mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-45857
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-vgwv-2q7q-27h5
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-353m-v97c-f639
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-45857
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-